llangrell

asked on

Barracuda Spam Filter and Exchange 2003 Outbound Email

I need to configure my PIX 515 firewall to forward incoming mail to a Barracuda Spam Firewall and keep outgoing mail going through the Exchange 2003 Server. According to Barracuda, I should be able to do this with port forwarding. When I static route the public Exchange address to the Barracuda, it takes and processes the mail just fine, but outbound SMTP then queues up in the Exchange server, obviously because it has no idea where to go. I do have additional public addresses that I can use. We are NATed and both the PIX and the Barracuda are behind the DMZ in the corporate LAN. Does anyone have any suggestions on how this should be done? Thanks in advance.
batry_boy

Let me make sure I understand what you're wanting:

Inbound mail flow on TCP 25 should be allowed inbound to the Barracuda, then it forwards on any e-mail that is not spam to the Exchange server which is on the inside LAN.
Outbound mail flow should go straight from the Exchange server to the world.

Questions:
1.  Is that correct?  If not, please clarify.
2.  If so, is the Barracuda on the inside network (with the Exchange server) or on the DMZ network segment?
Cyclops3590

This is what I do with a setup like you have. One static entry from the Barracuda, one static entry for the Exchange server. Both would be NAT static entries.
Allow port 25/tcp on the outside interface to the Barracuda public IP. Then allow port 25 on the interface that the Exchange server connects to. For example, if it's on your DMZ network, make sure to allow 25/tcp from your Exchange server.

Note of interest:  Specifically block all 25/tcp traffic that shouldn't be allowed to send email.  This is a proactive measure to keep your public IPs from being added to blacklists.
llangrell

ASKER

That is exactly what I am trying to do:

Inbound mail flow on TCP 25 should be allowed inbound to the Barracuda, then it forwards on any e-mail that is not spam to the Exchange server which is on the inside LAN.
Outbound mail flow should go straight from the Exchange server to the world.

Currently I have the static (inside,outside) set up for port 25 to the Exchange server. I guess I'm not sure what commands to use. Both are in the local LAN; neither is in the DMZ.
ASKER CERTIFIED SOLUTION
Cyclops3590

This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Thanks Cyclops! Now I need to get my OWA working right, but I can figure that out.

Shouldn't be difficult. Just add an entry to the outside ACL for port 443/tcp to the public IP of the Exchange server and you should be good to go.

Thanks again. It was a piece of cake. I pretty much had the configuration figured out right from the beginning. One thing I failed to do was restart the SMTP service on the Exchange server after the PIX changes. When the outbound mail queued up, I started second-guessing myself. All is well now.
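
The layout discussed in this thread (two static NAT entries, inbound 25/tcp only to the Barracuda, outbound 25/tcp only from Exchange), written out as a PIX configuration. This is an added example, not the members-only accepted solution and not a configuration posted by any participant; all IP addresses are constructed and the ACL names are hypothetical.

```cisco
: Constructed addresses (not from the thread):
:   192.0.2.10 = public IP the MX record points to, 10.1.1.20 = Barracuda (inside)
:   192.0.2.11 = additional public IP,              10.1.1.10 = Exchange (inside)
: ACL names outside_in and inside_out are hypothetical; if an ACL is already
: bound to an interface, add the lines to that ACL instead.

: One static NAT entry per host
static (inside,outside) 192.0.2.10 10.1.1.20 netmask 255.255.255.255
static (inside,outside) 192.0.2.11 10.1.1.10 netmask 255.255.255.255

: Inbound: SMTP is accepted only on the Barracuda's public IP
access-list outside_in permit tcp any host 192.0.2.10 eq smtp
access-group outside_in in interface outside

: Outbound: only Exchange may open SMTP sessions to the Internet
access-list inside_out permit tcp host 10.1.1.10 any eq smtp
access-list inside_out deny tcp any any eq smtp
: An ACL bound to the inside interface ends with an implicit deny,
: so all other outbound traffic has to be permitted explicitly
access-list inside_out permit ip any any
access-group inside_out in interface inside
```

If an older static for port 25 is still configured, remove it first and run `clear xlate` so stale translations are dropped.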